Data breaches are an unfortunate part of the digital interconnected era that we live in. But, whose fault is it really? Sometimes it’s no one’s fault. Sometimes the hackers are just that good. Other times, it might be the company’s fault, which is why T-Mobile is in hot water yet again and is being sued over a data breach that took place back in 2021.
Another lawsuit
Attorney General Bob Ferguson is filing a lawsuit, alleging that T-Mobile failed to “adequately secure sensitive personal information of more than 2 million Washingtonians.” The lawsuit also seeks compensation for consumers impacted by the 2021 breach. Ferguson is also hoping that the lawsuit would force T-Mobile to improve on its cybersecurity practices and bring it in line with industry standards.
This is not the first time that T-Mobile has found itself in legal trouble over the 2021 data breach. Customers brought a class-action lawsuit against T-Mobile back in 2022. This resulted in T-Mobile paying an eye-watering $350 million to settle the case against it.
The company also found itself in the crosshairs of the FCC which investigated it over its repeated cybersecurity issues. This resulted in a smaller $15.75 million fine back in 2024. As part of the deal, the carrier also paid another $15.75 million to improve its cybersecurity infrastructure.
Was this preventable?
So the question is, is T-Mobile really at fault here? Or are the hackers simply that good? According to the lawsuit filed by Ferguson, he believes that T-Mobile is at fault. The Attorney General claims T-Mobile “had years” to fix the key vulnerabilities that led to the data breach. “This significant data breach was entirely avoidable. T-Mobile had years to fix key vulnerabilities in its cybersecurity systems — and it failed.”
He also claims that the company failed to properly notify the two million Washington residents impacted by the breach. It also seems that T-Mobile had breached the Consumer Protections Act. This is because the carrier apparently omitted key information that made it difficult for customers to determine if they were at risk of potential identity theft or fraud.
The breach exposed a lot ton sensitive data. This included names, phone numbers, physical addresses, date of birth, Social Security numbers, driver’s license numbers, and so on. It also affected not just existing customers, but former and prospective customers.
T-Mobile has yet to comment on the fact that it is being sued again over this nearly four-year-old data breach.
